by spinachsalad
1311 days ago
> Maybe I just missed an obvious route to disable swaths of SELinux for rootless containers - where it probably doesn't have as much of an application.

podman run --security-opt label=disable

https://github.com/containers/podman/blob/main/troubleshooti...

Note: Labeling can be disabled for all containers by setting label=false in the containers.conf(5) file.

https://docs.podman.io/en/latest/markdown/podman-run.1.html#...

But a more secure way would be to add ":z" or ":Z" to the volume, and podman will auto-relabel the source dir. Finally, you can use the nuclear option: "--privileged". It's still more secure than docker's one because you are limited by your user's capabilities.
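As an added example (not part of the comment above and not Podman's own code), this Python check classifies a `podman run` command line by the three options the comment lists: `--security-opt label=disable`, `:z`/`:Z` volume relabeling, and `--privileged`. The finding names, the sample command lines and the rule that a volume source starting with `/` or `.` is a host path are assumptions made for the illustration.

```python
import shlex

VALUE_OPTS = ("--security-opt", "-v", "--volume")  # options that take a value

def volume_finding(spec):
    """Classify one SRC:DST[:OPTS] volume spec by its relabel option."""
    parts = spec.split(":")
    src = parts[0]
    # Assumption: only sources starting with "/" or "." are host paths;
    # anonymous and named volumes are skipped.
    if len(parts) < 2 or not src.startswith(("/", ".")):
        return []
    opts = parts[2].split(",") if len(parts) > 2 else []
    if "Z" in opts:   # private label, usable by this container only
        return ["relabel-private:" + src]
    if "z" in opts:   # shared label, usable by several containers
        return ["relabel-shared:" + src]
    return ["no-relabel:" + src]  # bind mount left with its existing label

def selinux_findings(cmdline):
    """Return SELinux-relevant findings for one `podman run` command line.
    Simplification: every token is scanned, including the container's args."""
    args = shlex.split(cmdline)
    findings, i = [], 0
    while i < len(args):
        name, value = args[i], ""
        if name in VALUE_OPTS and i + 1 < len(args):   # "--opt value"
            i += 1
            value = args[i]
        elif name.startswith("--") and "=" in name:    # "--opt=value"
            name, value = name.split("=", 1)
        i += 1
        if name == "--privileged" and value.lower() != "false":
            findings.append("privileged")
        elif name == "--security-opt" and value == "label=disable":
            findings.append("label-disabled")
        elif name in ("-v", "--volume"):
            findings.extend(volume_finding(value))
    return findings

# Constructed sample command lines, not taken from the thread.
SAMPLES = [
    "podman run --security-opt label=disable -v /srv/app:/app alpine",
    "podman run -v ./data:/data:Z alpine",
    "podman run --volume=/srv/shared:/shared:ro,z alpine",
    "podman run --privileged -v cache:/cache alpine",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(cmd, "->", selinux_findings(cmd))
```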